From nobody Fri Aug 01 00:50:55 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4btS741PS8z63G6Q; Fri, 01 Aug 2025 00:50:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4btS740jQbz3Q4Q; Fri, 01 Aug 2025 00:50:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754009456; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iGoG+JgaV5zG21B/XDwcRH1psLYT4Z06AbJdgzme1iQ=; b=G0/bP7h6uMef3hT/a0/b3NbaiIUUrHV8hPkJBBVWxcpqY2bTtVwPvf+S7pMfpUIXIayAK7 qP/ZOt4sm1Bjg0Gsxs+52UafNdYIxl3OLsCeYW+CoJvxS7XBFZrjFsaQIFUkYX0ZciuuA2 Mv70YYYEYp8nA5kOBQxPMUG3yMNfSixLDm2j7wJ3w+KdIRXVOPQxMj1daZ5YPDbAWz2m4E rzdcCsZ+Q+jfo8WN410/VUNzNdMGFgFUiSRYdvb3TazjC13ADcCDPgL9gmnlkmclPw6ewC W3wh4Jxz4SvqjFQKz1ojxTIiVjEr27G8cDXxEtg5ouDawjD25og+dU8Kup7KIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754009456; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iGoG+JgaV5zG21B/XDwcRH1psLYT4Z06AbJdgzme1iQ=; b=vwc0RdgF92HBdFy6kkMH55avNv2WO9mHY6Yx1P4YmG2jkYYq2xWBL6t1aqSrQDopIJkkOq e7qYpj8PCcobL1qBajwyCpYgjiw44/hVgSVYY/1FiHFghwYnI5Pmvk0FVCIx1SSTzX2qyF RdN5EC4Lg57x+A7piUbpYpNatZjI68wTBFdJQAOBdOT0KOp3qzabbTCmx3AxRf9oXu4PGR Q2gxvf1L5mBgrp8/kIhF+WX8Vd6mtZa/P2LvPPmoc8RWxp/0ErR/6j55q1rFGfO5aEVKHM l7R0aIiDUk9EtYp8LeumetBA4X9oDWPHIAxWj7OYiK1yqRTftxwdkuuD9r+7Bg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754009456; a=rsa-sha256; cv=none; b=IjnE7Rxjn+PdS6gLZovT9FvkiSaNUuotwOCuwKNsAsUEovQ/1gPslN+sUXxSy9ua09m7dd TT3l9yGtUPcs6gPvlw0gL/VS81IvhgOrRtUQxm4FmzQb2cDoYkOZB9WA8hauLA7D63RE9y SBaSpEkAmbvpPgH/JXozwAvFykxPv2zg4VhLa3bma676zIGE4h2+WCY5hCkh11RG55d13e Siv86msBc3TnzwIYFp9vrbDkZVNzSpryHMRpQIFCXFz3zLlsQwtv30QCyL/DVdqycmk+bQ vCaOfik4Mum16+F6a7RlhLg9RL6o1S2VUs3Km9yHMzwuUCh+sdm0s/YVbg8QbA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4btS7406wLz9P4; Fri, 01 Aug 2025 00:50:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5710otsE033947; Fri, 1 Aug 2025 00:50:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5710ot9i033944; Fri, 1 Aug 2025 00:50:55 GMT (envelope-from git) Date: Fri, 1 Aug 2025 00:50:55 GMT Message-Id: <202508010050.5710ot9i033944@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 09f2abaa59f9 - main - kern: add a new ucred flag for groups having been set List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 09f2abaa59f948e2d21604b5e528a264a6d8c329 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=09f2abaa59f948e2d21604b5e528a264a6d8c329 commit 09f2abaa59f948e2d21604b5e528a264a6d8c329 Author: Kyle Evans AuthorDate: 2025-08-01 00:50:47 +0000 Commit: Kyle Evans CommitDate: 2025-08-01 00:50:47 +0000 kern: add a new ucred flag for groups having been set Now that we can legitimately have ngroups == 0 as a result of calling crsetgroups(), set a flag when we've set groups for the sake of sanity checking usage of crextend(). While it's true this flag will only really be used under INVARIANTS, it's only the second flag bit that we're adding in 16 years. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51646 --- sys/compat/linux/linux_misc.c | 1 + sys/compat/linux/linux_uid16.c | 1 + sys/kern/kern_prot.c | 15 +++++++++++---- sys/sys/ucred.h | 1 + 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 31460819e6ab..5e32353c6b8e 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -1056,6 +1056,7 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args) newcred->cr_ngroups = ngrp; for (int i = 0; i < ngrp; i++) newcred->cr_groups[i] = linux_gidset[i]; + newcred->cr_flags |= CRED_FLAG_GROUPSET; setsugid(p); proc_set_cred(p, newcred); diff --git a/sys/compat/linux/linux_uid16.c b/sys/compat/linux/linux_uid16.c index 9fe799c0b9de..1d9a19916412 100644 --- a/sys/compat/linux/linux_uid16.c +++ b/sys/compat/linux/linux_uid16.c @@ -117,6 +117,7 @@ linux_setgroups16(struct thread *td, struct linux_setgroups16_args *args) newcred->cr_ngroups = ngrp; for (int i = 0; i < ngrp; i++) newcred->cr_groups[i] = linux_gidset[i]; + newcred->cr_flags |= CRED_FLAG_GROUPSET; setsugid(td->td_proc); proc_set_cred(p, newcred); diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 48ab7c0b520b..632be229af5b 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2796,7 +2796,8 @@ crextend(struct ucred *cr, int n) size_t nbytes; MPASS2(cr->cr_ref == 1, "'cr_ref' must be 1 (referenced, unshared)"); - MPASS2(cr->cr_ngroups == 0, "groups on 'cr' already set!"); + MPASS2((cr->cr_flags & CRED_FLAG_GROUPSET) == 0, + "groups on 'cr' already set!"); groups_check_positive_len(n); groups_check_max_len(n); @@ -2890,6 +2891,7 @@ crsetgroups_internal(struct ucred *cr, int ngrp, const gid_t *groups) bcopy(groups, cr->cr_groups, ngrp * sizeof(gid_t)); cr->cr_ngroups = ngrp; + cr->cr_flags |= CRED_FLAG_GROUPSET; } /* @@ -2906,15 +2908,19 @@ crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups) if (ngrp > ngroups_max) ngrp = ngroups_max; + cr->cr_ngroups = 0; + if (ngrp == 0) { + cr->cr_flags |= CRED_FLAG_GROUPSET; + return; + } + /* * crextend() asserts that groups are not set, as it may allocate a new * backing storage without copying the content of the old one. Since we * are going to install a completely new set anyway, signal that we * consider the old ones thrown away. */ - cr->cr_ngroups = 0; - if (ngrp == 0) - return; + cr->cr_flags &= ~CRED_FLAG_GROUPSET; crextend(cr, ngrp); crsetgroups_internal(cr, ngrp, groups); @@ -2936,6 +2942,7 @@ crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups, if (ngrp == 0) { cr->cr_gid = fallback; cr->cr_ngroups = 0; + cr->cr_flags |= CRED_FLAG_GROUPSET; return; } diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h index 4831d8cb6e1b..cd4efcb71c0d 100644 --- a/sys/sys/ucred.h +++ b/sys/sys/ucred.h @@ -44,6 +44,7 @@ * Flags for cr_flags. */ #define CRED_FLAG_CAPMODE 0x00000001 /* In capability mode. */ +#define CRED_FLAG_GROUPSET 0x00000002 /* Groups have been set. */ /* * Number of groups inlined in 'struct ucred'. It must stay reasonably low as